From a19c27f75b4148bda488f28d07fd92187ea88807 Mon Sep 17 00:00:00 2001
From: Scott Battaglia <scott.battaglia@gmail.com>
Date: Mon, 31 Oct 2011 02:44:07 +0000
Subject: [PATCH] CASC-165

disable DTD reading.
---
 .../src/main/java/org/jasig/cas/client/util/XmlUtils.java     | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/cas-client-core/src/main/java/org/jasig/cas/client/util/XmlUtils.java b/cas-client-core/src/main/java/org/jasig/cas/client/util/XmlUtils.java
index 5496001..064ccd0 100644
--- a/cas-client-core/src/main/java/org/jasig/cas/client/util/XmlUtils.java
+++ b/cas-client-core/src/main/java/org/jasig/cas/client/util/XmlUtils.java
@@ -53,7 +53,9 @@ public final class XmlUtils {
      */
     public static XMLReader getXmlReader() {
         try {
-            return XMLReaderFactory.createXMLReader();
+            final XMLReader reader = XMLReaderFactory.createXMLReader();
+            reader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
+            return reader;
         } catch (final SAXException e) {
             throw new RuntimeException("Unable to create XMLReader", e);
         }